ACL usage revisted (need feedback)
ken at oceana.com
Tue Feb 10 09:46:26 EST 2004
Jason Williams wrote:
> Maybe someone can explain this to me, but are there any other options to
> getting ACL functionality working correctly, besides using Sendmail?
> Maybe im wrong, but im thinking Sendmail is our only option.
If you want to use the Cyrus ACLs to control who can send email (post)
to a mailbox, you have no choice but to have the MTA pass the userid of
the poster to lmtpd (via AUTH=). This is the only way that lmtpd knows
who is sending the message (looking at the headers or the envelope is
unreliable because they can be easily forged).
I don't know much about Postfix, but I would imagine that you could
restrict posting by using some kind of external lookup (LDAP, SQL, etc).
This obviously has the downside of requiring a set of "posting" ACLs
which are separate from the rest of the mailbox ACLs.
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
Home Page: http://asg.web.cmu.edu/cyrus
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus